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302 

An update catalog is maintained on a server 
and is transmitted to a client at intervals. 



304 

Audit data is generated on client 
based on queries made to operating system 
and the update catalog sent by the server. 



306 

The audit data is analyzed on the server. 
Selection of approved updates is made. 
Corresponding software updates are 
distributed to client. 



308 

Approved updates are installed on the client. 
Reboot of the client may be based on 
a dynamic restart detection. 
Success codes are evaluated. 
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402 

Server periodically downloads update catalog 

from central authority. 



404 

Server checks the "authenticode" signature on 
the catalog as a precaution. 



406 

Update catalog is stored in an SMS package. 
SMS is told that the package has changed, 
thereby prompting SMS to replicate package 

to all clients. 



500 




502 

Scan tool calls scan engine 
to perform audit of client software. 



504 

Scan engine uses update information, 
typically in XML form, 
to perform audit of client software. 



5 



506 

Scan tool saves audit results from 
scan engine into a queryable interface, such 

as a WMI repository. 
SMS is alerted to replicate data to server. 
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602 

The scan engine reads the XML file contained 
in the update information. 



604 

The scan engine queries the operating 
system to determine the existence of files to 
which reference was made in the update 

information. 



606 

The rules contained in the update document 
are then applied, to determine the files to 
which an update should be applied, 
and the identity of the update. 



608 

The scan engine returns the audit data to the 

scan tool. 
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702 

User interface is opened, thereby allowing an 
IT technician using the server to view audit 
results for one or more client systems. 



704 

A vulnerability matrix is generated and 
displayed. The vulnerability matrix shows 
client file inventory, recommended updates 

and indication of whether update was 

applied. 



706 

User interface allows IT technician to indicate 
select approved updates. 



708 

Approved updates are selected from group of 
updates having passed testing on a test 

collection. 



710 

Required updates are obtained from an 
appropriate download center. 



712 

Suppression of reboot may be indicated for 

different updates. 



714 

Updates may be classified 
for dynamic rebooting. 



716 

Approved updates are transferred 
to client via SMS. 
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802 

A user interface is opened, giving a 
user the opportunity to have updates 

installed. 



i 



804 

A countdown timer causes 
appropriate default actions to be 
taken if no one is present at the 
client computer. 



806 

Where grace period has ended and 
enforcement period has started, the 
"postpone" option is eliminated. 



808 

The appropriate scan tool from the 
scan tool cache is executed for a 
just-in-time assessment of the client. 



I 



810 

The WMI class is queried, and the 
result intersected with the list of 
approved updates received from the 

server. 



812 

Each update is checked to see if an 
enforcement period has been 
reached. 




800 



814 

For each approved update that is 
enforced and applicable, the update 
is installed using the meta-data 
included in the XML file. 



816 

Following the install, a status 
message is issued for each update, 
and a summary event for overall 
status of the evaluation/installation 
cycle is also issued. 
Success code mapping may be 
performed. 



818 

Service level data is transmitted to 
the software update approval tool. 



820 

The WMI class is updated to reflect 
newly installed updates, and the 
SMS inventory process is 
conditionally started. 



I 



822 

Determination is made if a system 
reboot is needed, and a check is 
made to ensure that the system is 
permitted to be reboot. 
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[ 902 
The IT department associates a grace period 
with an update, after which an enforcement 

period is scheduled. 
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906 

A computer for which an update is scheduled 
is found on, or returned to, a network, thereby 
starting the grace period. 



908 

User invokes grace period to allow for 
productive computing. 



910 

User permits installation of update, 
possibly followed by a reboot. 



912 

Where grace period ends without user 
permitting the installation of the update, the 
enforcement period forces the user to accept 
the installation of the update. 



914 

Workstation performs installation of update, 
possibly followed by a reboot. 
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1002 

Updates are associated with rebooting 
instructions, thereby informing the software 
update installation agent of the rebooting 

requirements. 



1004 

Where an update was designated as an 
exclusive primary update, the update is 
applied individually prior to other updates, to 
be followed by a reboot. 



1006 

Updates designated for exclusive installation 
and reboot are installed individually and the 

system is rebooted. 



1008 

Where an update was designated for 
automatic reboot determination, a reboot is 
performed only if indicated by conditions 
found after the install. 



i 



1010 

Where a reboot was designed as being 
"always" or "never" indicated, the reboot is 
performed, or not performed, as indicated. 



1012 

Where suppression of 
the reboot was indicated, the reboot is 
delayed until an appropriate time. 
Annoyance mode may be invoked. 
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1102 

Following installation of an update, a success 
code table is consulted, and the success code 
resulting from the update installation is 

checked . 



1104 

Where the update installation was part of a 
testing procedure, the IT technician may edit 
the success code table. 



1106 

Where the success code table is being edited, 
the table may be organized by groups, 
wherein the groups may be associated with 
update installation engine technology. 



I 

1108 

The IT technician may further edit the success 
code table to accommodate the installation of 
updates resulting in codes which are 
exceptions to general rules. 



I 

1110 

In a non-test environment, upon location of a 
success code within the success code table, 

the results of the success code are 
interpreted according to a mapping process 

resulting from operation of the table. 
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1202 

Notification icon is visible to user at all times 



1204 

Right-clicking icon provides a choice between 
"Display Reminders" and "Install Software 

Updates" 



I 



1206 

The Display Reminders option reveals the 
grace and enforcement periods that the 
corporate IT administration has associated 

with the updates. 



I 



1208 

The Install Software Updates selection 
provides user interface which allows the user 
to schedule the installation of the updates. 



I 



1210 

Reminder is periodically shown (e.g. at start 
up and at intervals) to the user which reminds 
of the updates needed and of the timing of the 
grace and enforcement periods. 



1212 

Updates and reboots are performed 
according to the user's schedule or 
automatically, at the end of the grace period. 



I 



1214 

Where a reboot was not performed, such as 
due to a postponement, annoyance mode 
prods the user to reboot. 



i 



1216 

Reboot is performed, thereby bringing 
updates into service. 
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with a software update (software patch) will expire 
soon, and the enforcement period will follow. 
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Perform 




Schedule 




More 


li " d 
Cancel 


Update 




Update 




Detail 



1500 




?ca. 15 



Schedule Software Updates 



r Software Update Schedule Setup 




Update Start Time: 
Reboot Start Time: 




09:00PM 




10:00PM 



OK 



Cancel 



■SI 



x 




1600 



16 



MS1-1552US 

S/N: 

Inventor: Rob Wickham et al 
Title: Software Updating System and Method 

12 of 16 



1700 




1702 

Associate servers into groups sized to allow 
simultaneous updating of servers in each 
group without disrupting work flow. 



1704 



Determine anticipated times for application of 
each update. Adjust times, if necessary, 
according to individual server. Set failsafe 
timeout periods for each update. 



1706 

Determine specific time period, i.e. a change 
window, during which each group of servers 
may be taken down for updating in given 
period of time. E.g. one hr. per month. 



( } . 


I > 


17 

Apply as many up 
during the ch; 
Monitor failsafe time 


08 

•dates as possible 

ange window. 

out for each update. 



n 



1710 

When time remaining within change window is 
less than the time required (e.g. failsafe 
timeout) for application of any remaining 
update, installation of updates is suspended. 



\ 




1712 

Identify, for potential installation in the next 
change window, any updates for which time 
was insufficient allow installation. 






1714 

Reboot server and bring back on line. 
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1802 | 
A large number of updates are grouped into a 1 

single package. J 


• 


r 


1804 

The package is configured with content from a 
trusted authority of update content. 






1806 

The package is configured to support 
differential enforcement as applied to different 

client computers. 




I > 


18 

The package is o 
consul 


.08 

onfigured for SMS 
nption. 



1810 

The package is distributed to a plurality of 
clients, wherein the clients are associated 
with multiple service levels. 



1812 

The content in the package is applied 
differentially according to requirements of 

each client group. 
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1902 

A partition is formed within a package 
containing large number of updates. 



1904 

The partition may separate trusted updates 
from un-trusted updates. 



1906 

The partition is expressed using an XML file 
configured to inform different clients of the 
updates suitable for their consumption. 



1908 

Trust of the updates within the package is 
based on performance within a test 

environment. 



1910 

Un-trusted updates are merged with trusted 
updates after approval process in test 
environment. The merger may be 
accomplished by editing the XML document. 
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2102 

A file, such as an XML file, is opened to 
record information including updates approved 
for a reference computer. 



2104 

A template mode feature scans a reference 
system and generates an authorization list of 
updates associated with a standard image. 



2106 

Authorization list is incorporated into the 
template, which is written to the XML file. 



I 



2108 

Template can be consumed and deployed as 
a mirror of the desired state. 



2110 

The deployed template is used to speed time 
from update detection to update deployment. 



i 



2112 

Client computers are updated according to 

the template. 




21 



